Large-scale security policy management (SPM) typically involves human computer security experts working to refine security policies. One of the most challenging tasks for security experts is the identification of threats that may have already evaded intrusion detection systems (IDS) and web application firewalls (WAF). Because activity is tracked in computer logs such as web access logs, threats may be discovered by identifying anomalous patterns in the computer logs. Human computer security experts typically manually sift through logs in an attempt to identify anomalous patterns. However, given the vast amount of log data, identifying anomalous patterns is akin to finding a “needle in the haystack.” The end-to-end time-to-discover is long and the largely manual process is exhausting. For example, as web traffic grows, it is becoming increasingly more critical to discover anomalies as fast as possible in the most efficient manner possible. Therefore, there exists a need for a faster and more efficient way to discover anomalies in entries of computer logs to improve security and functioning of a computer system.